At home I have a server running Fedora 25 which I'm using for routing my internet connection, mail server etc. I'm using a sixxs IPv6 tunnel for IPv6 connectivity and I'm using a internet routed IPv6 subnet from sixxs on my home network.
Now the trouble starts; I've configured an IPv6 address from the IPv6 subnet on my (home) network interface which is connected to my home network and I'd like to have different rules for internal and external hosts but this interface has zone "internal" for IPv4 and it should be labelled "external" for IPv6.
I've tried working around this by adding a rich rule to drop all IPv6 traffic from the zone public (this works) but I cannot add allow rules because the allow rules seem to be handled after the deny rules...
Whould it be possible to use different zones for IPv4 and IPv6 on the same interface? Is is possible to change the allow / deny order for the public zone?
If this isn't possible I guess I should add a VLAN for IPv6 to have different interfaces for IPv4/6
firewalld-users@lists.fedorahosted.org